SASL password overflow via integer overflow

VULNERABILITY

The internal function Curl_auth_create_plain_message fails to correctly
verify that the passed in lengths for name and password aren't too long, then
calculates a buffer size to allocate.

On systems with a 32 bit size_t, the math to calculate the buffer size
triggers an integer overflow when the user name length exceeds 1GB and the
password name length is close to 2GB in size. This integer overflow usually
causes a very small buffer to actually get allocated instead of the intended
very huge one, making the use of that buffer end up in a heap buffer overflow.